> For the complete documentation index, see [llms.txt](https://docs.sprinto.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sprinto.com/monitors/extended-checks-in-mdm-tool-comms/jamf-extended-checks-for-screen-lock.md).

# JAMF – Extended Checks for Screen Lock

Sprinto’s enhanced integration with **JAMF** now supports automated monitoring of the **Screen Lock** compliance requirement in addition to existing checks such as **OS version**, **Antivirus**, and **Disk Encryption**.

This enhancement helps compliance teams continuously track screen lock enforcement across JAMF-managed macOS devices, reducing manual verification and audit overhead.

***

### Supported Checks

<table><thead><tr><th width="216.94140625">Compliance Requirement</th><th width="423.453125">Description</th><th>Supported</th></tr></thead><tbody><tr><td>OS Version</td><td>Verifies that the operating system is up to date</td><td>✔️</td></tr><tr><td>Disk Encryption</td><td>Confirms that FileVault encryption is enabled</td><td>✔️</td></tr><tr><td>Antivirus</td><td>Detects the presence of supported antivirus software</td><td>✔️</td></tr><tr><td>Screen Lock</td><td>Ensures a screen saver and password protection are enforced</td><td>✔️ <em>(New)</em></td></tr></tbody></table>

***

### How It Works

Sprinto connects to the JAMF API to read configuration profiles applied to devices.

The **Screen Lock** monitor passes when:

* A configuration profile named *Screen Saver* (or equivalent) is applied to the device.
* The **Start screen saver after** setting is **15 minutes or less**.
* The **Require Passcode to Unlock Screen** option is enabled.

If any of these configurations are missing or exceed the time threshold, the monitor will show as failing in Sprinto.

***

### Prerequisites

Before enabling this check, ensure that:

* You have admin access to your **JAMF Pro** account.
* You can create or edit **Configuration Profiles** for macOS devices.
* Devices are correctly scoped under the configuration profiles.

***

### Configure Screen Lock in JAMF

Follow these steps to enable and enforce the screen lock requirement via JAMF:

#### 1. Access Configuration Profiles

1. Log in to your **JAMF Pro** account.
2. Navigate to **Computers** → **Configuration Profiles**.
3. Select **Create a New Profile**, or edit an existing one.

#### 2. Configure Login Window Settings

1. In the profile editor, open the **Login Window** section.
2. Under **Options**, enable **Start screen saver after**.
3. Set the idle timeout to **15 minutes or less**.

{% hint style="info" %}
Sprinto accepts a maximum timeout of 15 minutes.
{% endhint %}

#### 3. Configure Security and Privacy Settings

1. Within the same profile, go to **Security & Privacy**.
2. Enable **Require Passcode to Unlock Screen** to enforce password protection after sleep or screen saver activation.

#### 4. Save and Deploy the Profile

1. Save the configuration profile.
2. Assign or **scope the profile to the relevant device groups** to ensure enforcement.

{% hint style="info" %}
The screen lock policy will not take effect unless assigned to at least one device group.
{% endhint %}

***

### Troubleshooting

| Issue                       | Possible Cause                           | Resolution                                                            |
| --------------------------- | ---------------------------------------- | --------------------------------------------------------------------- |
| Screen Lock monitor failing | Profile not assigned to any device group | Assign the profile to the relevant devices                            |
| Screen Lock monitor failing | Timeout set above 15 minutes             | Reduce to **15 minutes or less**                                      |
| Screen Lock monitor failing | Passcode requirement not enabled         | Enable **Require Passcode to Unlock Screen** under Security & Privacy |
| Screen Lock monitor missing | JAMF API access not configured           | Verify API credentials and permissions in the integration             |

***

### Next Steps

Once configured:

* The **Screen Lock** monitor will appear under the **Staff Devices** section in Sprinto.
* Any non-compliant devices will be flagged automatically.
* Sprinto will generate remediation tasks to help teams achieve compliance.

***

### Related Articles

* [Integrating JAMF with Sprinto](/integrations/overview/jamf-integration.md)
* [Staff Devices – Extended MDM Checks Overview](/monitors/extended-checks-in-mdm-tool-comms.md)
* [Managing Compliance Policies in Sprinto](/policies/dashboard-actions/manage-policies-and-versions.md)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.sprinto.com/monitors/extended-checks-in-mdm-tool-comms/jamf-extended-checks-for-screen-lock.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.